DARPA fortifies early warning system for power-grid cyber assault

The Defense Advanced Research Projects Agency (DARPA) continues to hone the system it hopes would quickly restore power to the U.S. electric grid in the event of a massive cyberattack. The research agency this week said it awarded defense system stalwart BAE Systems an $8.6 million contract to develop a system under its Rapid Attack Detection, Isolation and Characterization (RADICS) program that has as its central goal to develop technology that will detect and automatically respond to cyber-attacks on US critical infrastructure.

BAE is the latest vendor to join the RADICS program which has doled out millions in research funds to key vendors such as Raytheon, SRI International, Vencore and includes government agencies such as the Department of Homeland Security and ICS-CERT.

When it announced RADICS in 2015, DARPA said an early warning capability for power suppliers could prevent an attack entirely or blunt its effects, such as damage to equipment.

“But the vast scale of the nation’s electrical infrastructure means that some number of systems are likely to be in an abnormal state at any given time, and it can be difficult to distinguish between routine outages and actual attacks. RADICS four-year plan looks to develop advanced anomaly-detection systems with high sensitivity and low false positive rates, based on analyses of the power grid’s dynamics,” DARPA stated.

“Recognizing that in some locations Internet infrastructure may not be operational after an attack, or that hackers may have embedded malicious code in utilities’ IT systems during an attack, RADICS also calls for the design of a secure emergency network that could connect power suppliers in the critical period after an attack. The creation of such a network will require new research into advanced security measures, as well as innovative technologies to facilitate the rapid connection of key organizations, without relying on advance coordination among them,” DARPA said.

Basically, the RADICS system would detect a cyberattack and direct grid system control centers and traffic to a back-up wireless network – what’s called a secure emergency network (SEN) that would be completely disconnected from the Internet. The SEN would be made up of wireless networks, satellite or cell systems that would let impacted organizations communicate with each other, while preventing the adversary from gaining access.

For its part once activated, BAE Systems technology would detect and disconnect unauthorized internal and external users from local networks within minutes, and creates a robust, hybrid network of data links secured by multiple layers of encryption and user authentication, according to Victor Firoiu, senior principal engineer and Manager of Communications and Networking for BAE. The system uses network traffic control and analysis that will let utilities establish and maintain emergency communications amongst key now isolated control centers, Firoiu said.

The final component of RADICS is forensics. The idea is to rapidly localize and characterize cyber-weapons that have gained access to power grid infrastructure. These intrusions may take the form of malicious code or data. Malicious code may be injected into ICS devices or control center computers, whereas data attacks may change the configuration data of ICS devices, causing them to behave incorrectly. TA-3 systems must be able to map industrial control systems, gather configuration data, determine which devices are behaving incorrectly, and discover and characterize malware.

Forensic analysis of industrial control systems and devices is largely a manual process. Scanning an ICS network with conventional IT network analysis tools can cause industrial devices to become non-responsive, DARPA is looking for what it calls innovative approaches for safely mapping and assessing the state of such networks.

“Clearly the need for RADICS is there as attacker technology has developed and the threat to the electrical grid has increased,” Firoiu stated.